Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Filter attr:matchingRule values reversed #23

Closed
martinvanhensbergen opened this issue Sep 22, 2023 · 9 comments · Fixed by #24
Closed

Filter attr:matchingRule values reversed #23

martinvanhensbergen opened this issue Sep 22, 2023 · 9 comments · Fixed by #24
Assignees
@bbannier

Comments

@martinvanhensbergen
Copy link

Hi all,

In some instances, for example in case 14.4 https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/examples-of-common-ldapsearches, we see that:

departmentNumber:2.16.840.1.113730.3.3.2.46.1:=>= N4709

is written in the logs as:

(2.16.840.1.113730.3.3.2.46.1:departmentNumber:=>=N4709).

Wireshark also correctly states departmentNumber:2.16.840.1.113730.3.3.2.46.1:=>= N4709 so I think it is not an issue with our pcap.

Should a PCAP be necessary for this we could try to isolate and scrub one.

Thanks!
@bbannier
Copy link
Member

Should a PCAP be necessary for this we could try to isolate and scrub one.

I haven't looked into this yet, but in general a PCAP is always helpful as it allows quickly reproducing an issue without having to generate input (which itself can be error-prone).

@martinvanhensbergen
Copy link
Author

Hi Zeek,

I can''t seem to attach pcap files through the web-interface. How shall I proceed? They are roughly 2k eachin size fo I can mail them or I can host them on my github?

@bbannier
Copy link
Member

I can''t seem to attach pcap files through the web-interface.

Hi @martinvanhensbergen, what issue are you seeing? If it is rejected because of the file type, try renaming the file extension to a supported type or alternatively compress it with zip which should be supported. If the issue is file size, maybe you can reduce the PCAP by removing frames not relevant to the problem?

@martinvanhensbergen
Copy link
Author

pcaps.zip

Lol, just as I was driving home an hour ago I thought: why didnt i just zip it and see if that works :-D and here you are suggesting the same. I think this will work indeed!

@bbannier
Copy link
Member

bbannier commented Sep 28, 2023
edited
Loading

@martinvanhensbergen, would we have your permission to incorporate these PCAPs into our test suite as part of this package (Zeek-flavored BSD-3 license, explicit call out of source in the developer documentation)?

@martinvanhensbergen
Copy link
Author

Yes, no problem! We created them in our lab and are free to use. Thanks!

@bbannier bbannier self-assigned this Sep 28, 2023
@bbannier bbannier mentioned this issue Sep 28, 2023
Merged
@bbannier
Copy link
Member

This should be fixed by the latest release of this plugin.

Like #21 this was about the string representation of parsed constructs, and having multiple separate issues show up in this area probably shows that this part of the parser might hide other bugs as well; please feel free to file new issues @martinvanhensbergen.

@martinvanhensbergen
Copy link
Author

Thank you very much; we will probably do a testrun with this new version somewhere next week!

@martinvanhensbergen
Copy link
Author

Today I can confirm that we no longer see the aforementioned issues after upgrading the package and we didn't see any regression either.

Thank you for such a short loop in fixing!

@bbannier bbannier mentioned this issue Nov 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bbannier bbannier

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix string representation of extended search filters zeek/spicy-ldap
2 participants
@bbannier @martinvanhensbergen